OSSEC supports MySQL and PostgreSQL database outputs.
These configuration options can be specified in the ossec.conf file of a server or local install.
IP Address of the database server.
Allowed: any valid IP address
Username to access the database.
Allowed: any valid username
Password to access the database.
Allowed: any password
Database name to store the alerts.
Allowed: database name
Type of database (MySQL or PostgreSQL).
Note: OSSEC must be compiled with support for the database type that is to be used.
Allowed: mysql/postgresql
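The options above as they would appear together in ossec.conf, as an added example that is not part of the original page: the element names are those of OSSEC's database_output section, and the address, account name, password and database name are constructed placeholders.

```xml
<ossec_config>
  <database_output>
    <!-- IP address of the database server (constructed documentation address) -->
    <hostname>192.0.2.30</hostname>

    <!-- Account used to write alerts (constructed name). A dedicated account
         that can only reach the alerts database limits what a leaked
         credential exposes. -->
    <username>ossec_writer</username>

    <!-- The password is read from this file as plain text, so ossec.conf
         should not be readable by unrelated local users. Placeholder value. -->
    <password>REPLACE_WITH_DATABASE_PASSWORD</password>

    <!-- Database that stores the alerts (constructed name) -->
    <database>ossec_alerts</database>

    <!-- mysql or postgresql; must match the type OSSEC was compiled with -->
    <type>mysql</type>
  </database_output>
</ossec_config>
```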
You must have the MySQL or PostgreSQL client libraries installed on the OSSEC server. Typically, this means something like the following.
Ubuntu
# apt install mysql-server libmysqld-dev
or
# apt install postgresql libpq-dev
RedHat / CentOS
# yum install mysql-devel
or
# yum install postgresql-devel
You then need to set the DATABASE environment variable and run the "./install.sh" script to compile OSSEC with the appropriate database support.
If OSSEC was previously compiled without database support, the files created during the previous build should be removed from the src directory.
# cd src
# make clean
Once the old files have been removed, the installation can be performed.
# DATABASE=mysql ./install.sh
or
# DATABASE=pgsql ./install.sh
After installation is complete, database support needs to be enabled. The following command will enable the database daemon on the next restart.
# /var/ossec/bin/ossec-control enable database